Open Source Identity Management
Francesco Chicchiriccò <ilgrosso@apache.org>
Agenda
●   Identity and Access Management
●   Vendor Vs Open Source solutions
●   Apache Syncope
What's IdM about?
●   A data record that contains a collection of
    data about a person
    –   “Data record” → Account
    –   “A person” → Identity
●   The joint effort of business
    process and IT to manage user data on
    systems and applications.
IdM technologies
●   Identity Stores
    –   Storage of user information
●   Provisioning
    –   Synchronize account data across identity
        stores and a broad range of data formats,
        models, meanings and purposes
●   Access Management
    –   Security mechanisms that take place when a
        user is accessing a specific system or
        functionality
Identity Stores
●   Examples
    –   LDAP / Active Directory
    –   RDBMS
    –   Meta and Virtual Directories
●   Accounts can be created and managed in
    one place only
●   Each application manages authentication
    separately
    –   The user may use the same password for all
        the connected applications
Provisioning
●   Keeping the identity stores as
    synchronized as possible (and practical)
●   Need to be customizable and flexible
●   Priority: non-intrusive
●   Focused on application back-end
●   Communication:
    –   Connectors
    –   Agents
Identity Lifecycle
Access Management
●   Mediates all access to all applications
●   Focused on application front-end
●   Aspects
    –   Authentication
        ●   Single SignOn
    –   Authorization
    –   Federation (SAML, Liberty, ...)
●   Mainly applicable to web applications
●   Difficult integration with pre-existing apps
Aren't Identity Stores enough?
●   Heterogeneity of systems
●   Lack of a single source of information
    –   HR for corporate id, Groupware for mail
        address, ...
●   Need for a local user database
●   Inconsistent policies
●   Lack of workflow management
●   Hidden infra management cost, growing
    with organization size
IdM in practice: before...
IdM in practice: ...after!
Vendor products
●   Oracle
    –   with addition of ex-Sun suite
●   Novell
●   IBM (Tivoli)
●   Microsoft (Forefront)
●   Niche players
    –   Ping
    –   NetIQ
    –   SailPoint
    –   Quest (now Dell)
Open Source non-ASF products
(Figure: open source non-ASF products grouped by Identity Stores, Provisioning and Access Management; product logos not recoverable)
Open Source ASF projects
●   Identity Stores
    –   Apache Directory
●   Provisioning
    –   Apache Syncope
●   Access Management
    –   Apache Shiro
Apache Syncope (incubating)
●   Inception by Tirasa in 2010
●   Entered ASF incubator in February 2012
●   6 ASF releases made
●   Graduation as TLP currently under [VOTE]
●   Rising in popularity
    –   New PPMC members joined
    –   ~80 mailing list subscribers, noticeable traffic
    –   Our mentor Colm Ó hÉigeartaigh is introducing
        Syncope at JAXCON 2012 these days
        http://lanyrd.com/2012/w-jax/sxcyz/
Syncope: features
●   Workflow-based provisioning engine
●   Account / Password policies
●   Agentless connection with Identity Stores
●   Auditing & Reporting
●   Shining admin console
●   Customizable and extensible by design
Syncope: building blocks
Syncope: architecture
(Architecture diagram, top to bottom)
●   Third-party applications and the Administration console
●   RESTful controllers
●   Users, Roles, Policies
●   Workflow Engine, Scheduler, Business Intelligence, Connectors
●   Persistence (JPA)
Syncope: attribute mapping
●   User
    –   User Attributes
        ●   Username: jblack
        ●   Nickname: jontheblack
        ●   Firstname: John
        ●   Surname: Black
        ●   Email: john.black@apache.org
        ●   Password: **********
        ●   Badge: 1432
    –   User Derived Attributes
        ●   Fullname: John Black
    –   User Virtual Attributes
        ●   HomeDirectory: /home/jblack (stored only on external resource)
●   LDAP
    –   uid: jblack
    –   givenName: John
    –   sn: jblack
    –   mail: john.black@apache.org
    –   userpassword: **********
    –   employeeNumber: 1432
    –   cn: John Black
    –   homeDirectory: /home/jblack
●   Database
    –   accountId: jblack
    –   surname: jblack
    –   firstname: John
    –   password: *********
    –   employeeNumber: 1432
    –   fullname: John Black
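The mapping on this slide, together with the "keep the identity stores as synchronized as possible" goal from the Provisioning slide, as an added example written for this page rather than Apache Syncope's own code. It assumes constructed names (Resource, resolve, map_user, diff_against_resource), constructed sample values, and two mappings modelled on the slide's LDAP and Database columns; it shows how stored, derived and virtual attributes resolve into an external record, and how a propagation run computes only the changes for the attributes it owns on the resource.

```python
"""Added illustration (not Apache Syncope's code): a minimal attribute mapping
engine plus the change computation a provisioning run needs. All names and
sample values are constructed for this example."""
from typing import Callable, Dict, Optional, Set

# Constructed internal user record, mirroring the slide's "User Attributes".
USER: Dict[str, str] = {
    "Username": "jblack",
    "Nickname": "jontheblack",
    "Firstname": "John",
    "Surname": "Black",
    "Email": "john.black@apache.org",
    "Password": "s3cret!",  # constructed; the slide masks the real value
    "Badge": "1432",
}

# Derived attributes: computed from stored attributes, never set directly.
DERIVED: Dict[str, Callable[[Dict[str, str]], str]] = {
    "Fullname": lambda u: f"{u['Firstname']} {u['Surname']}",
}

# Virtual attributes: never persisted internally, only materialised when the
# record is pushed to an external resource.
VIRTUAL: Dict[str, Callable[[Dict[str, str]], str]] = {
    "HomeDirectory": lambda u: f"/home/{u['Username']}",
}


class Resource:
    """An external identity store and its mapping (internal -> external name)."""

    def __init__(self, name: str, account_id: str, mapping: Dict[str, str],
                 required: Set[str] = frozenset()):
        self.name = name
        self.account_id = account_id    # internal attribute that names the account
        self.mapping = dict(mapping)
        self.required = set(required)   # external attributes that must have a value

    def managed(self) -> Set[str]:
        """External attribute names this mapping owns on the resource."""
        return set(self.mapping.values())


def resolve(user: Dict[str, str], attr: str) -> Optional[str]:
    """Look an attribute up as stored, then derived, then virtual."""
    if attr in user:
        return user[attr]
    try:
        if attr in DERIVED:
            return DERIVED[attr](user)
        if attr in VIRTUAL:
            return VIRTUAL[attr](user)
    except KeyError:  # an input of the derived/virtual expression is missing
        return None
    return None


def map_user(user: Dict[str, str], res: Resource) -> Dict[str, str]:
    """Build the external record for `res`; fail early on a missing required value."""
    record: Dict[str, str] = {}
    for internal, external in res.mapping.items():
        value = resolve(user, internal)
        if value is None:
            if external in res.required:
                raise ValueError(f"{res.name}: required attribute {external} has no value")
            continue
        record[external] = value
    if res.mapping[res.account_id] not in record:
        raise ValueError(f"{res.name}: no accountId value for the user")
    return record


def diff_against_resource(desired: Dict[str, str], current: Dict[str, str],
                          managed: Set[str]) -> dict:
    """Changes that make the managed attributes on the resource match `desired`.

    Attributes outside `managed` (objectClass, a locally set description, ...)
    are never touched: provisioning must not clobber what it does not own.
    """
    changes: dict = {"add": {}, "replace": {}, "delete": []}
    for ext, value in desired.items():
        if ext not in current:
            changes["add"][ext] = value
        elif current[ext] != value:
            changes["replace"][ext] = value
    changes["delete"] = sorted(k for k in current if k in managed and k not in desired)
    return changes


# Constructed mappings following the slide's LDAP and Database columns.
LDAP = Resource("ldap", "Username", {
    "Username": "uid", "Firstname": "givenName", "Surname": "sn",
    "Email": "mail", "Password": "userPassword", "Badge": "employeeNumber",
    "Fullname": "cn", "HomeDirectory": "homeDirectory",
}, required={"uid", "sn", "cn"})

DB = Resource("db", "Username", {
    "Username": "accountId", "Surname": "surname", "Firstname": "firstname",
    "Password": "password", "Badge": "employeeNumber", "Fullname": "fullname",
})

if __name__ == "__main__":
    ldap_entry = map_user(USER, LDAP)
    # Constructed snapshot of what the directory currently holds for jblack.
    on_ldap = {"uid": "jblack", "sn": "Black", "cn": "J. Black",
               "objectClass": "inetOrgPerson", "description": "set by the LDAP admin"}
    print(ldap_entry)
    print(map_user(USER, DB))
    print(diff_against_resource(ldap_entry, on_ldap, LDAP.managed()))
```

Two points the slide does not spell out are visible in the code: HomeDirectory and Fullname never appear in USER, so nothing about them is written to internal storage, and the change set is restricted to the attributes the mapping manages, so a synchronization run leaves administrator-set attributes on the directory alone.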
Syncope: connectors
●   Based on ConnId, hosted at GoogleCode,
    new home of Sun's Identity Connectors
    –   Ready-to-use bundles:
        ●   LDAP
        ●   Active Directory
        ●   DB Table
        ●   CSV Directory
        ●   SOAP
        ●   Google Apps
        ●   UNIX
    –   Write your own bundle
(Diagram "Using Connectors", layers: Provisioning Engine, API, Common Code, Common Objects & Utils, SPI)
Syncope and the external world
Syncope: JEE deployment
Syncope: internal storage
Syncope: roadmap
●   Role provisioning
●   SOAP / SCIM interface via CXF
●   Access Management features via Shiro
●   Concurrent / Asynchronous communication
    with external resources
●   OpenICF support
Syncope: (some) success stories
●   iWelcome
●   Bibliotheek.nl
●   SURFnet
●   Ospedali Riuniti di Ancona
●   ARAG
Syncope: trying it out
●   Online http://syncopedemo.tirasa.net
●   Virtual Machine image
●   Quickstart projects on Github
●   New project from Maven Archetype
●   Standalone distribution
    (soon available)
Questions?

All text and image content in this document is licensed under the Creative Commons Attribution-Share Alike 3.0 License (unless otherwise specified). Apache, Syncope, Apache Syncope, the Apache feather logo, the Apache Syncope project logo and the Apache Syncope logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.

Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Open source identity management 20121106 - apache con eu

1. Open Source Identity Management
   Francesco Chicchiriccò <ilgrosso@apache.org>

2. Agenda
●   Identity and Access Management
●   Vendor Vs Open Source solutions
●   Apache Syncope

3. What's IdM about?
●   Data records that contain a collection of data about a person
    –   “Data record” → Account
    –   “A person” → Identity
●   The joint effort of business process and IT to manage user data on systems and applications.

4. IdM technologies
●   Identity Stores
    –   Storage of user information
●   Provisioning
    –   Synchronize account data across identity stores and a broad range of data formats, models, meanings and purposes
●   Access Management
    –   Security mechanisms that take place when a user is accessing a specific system or functionality

5. Identity Stores
●   Examples
    –   LDAP / Active Directory
    –   RDBMS
    –   Meta and Virtual Directories
●   Accounts can be created and managed in one place only
●   Each application manages authentication separately
    –   The user may use the same password for all the connected applications

6. Provisioning
●   Keeping the identity stores as synchronized as possible (and practical)
●   Need to be customizable and flexible
●   Priority: non-intrusive
●   Focused on application back-end
●   Communication:
    –   Connectors
    –   Agents

8. Access Management
●   Mediator for all access to all applications
●   Focused on application front-end
●   Aspects
    –   Authentication
        ●   Single SignOn
    –   Authorization
    –   Federation (SAML, Liberty, ...)
●   Mainly applicable to web applications
●   Difficult integration with pre-existing apps

9. Aren't Identity Stores enough?
●   Heterogeneity of systems
●   Lack of a single source of information
    –   HR for corporate id, Groupware for mail address, ...
●   Need for a local user database
●   Inconsistent policies
●   Lack of workflow management
●   Hidden infra management cost, growing with organization size

10. IdM in practice: before...

11. IdM in practice: ...after!

12. Vendor products
●   Oracle
    –   with addition of ex-Sun suite
●   Novell
●   IBM (Tivoli)
●   Microsoft (Forefront)
●   Niche players
    –   Ping
    –   NetIQ
    –   SailPoint
    –   Quest (now Dell)

13. Open Source non-ASF products
    (logo slide, grouped by Identity Stores, Provisioning, Access Management)

14. Open Source ASF projects
●   Identity Stores
    –   Apache Directory
●   Provisioning
    –   Apache Syncope
●   Access Management
    –   Apache Shiro

15. Apache Syncope (incubating)
●   Inception by Tirasa in 2010
●   Entered ASF incubator in February 2012
●   6 ASF releases made
●   Graduation as TLP currently under [VOTE]
●   Rising in popularity
    –   New PPMC members joined
    –   ~80 mailing list subscribers, noticeable traffic
    –   Our mentor Colm Ó hÉigeartaigh is introducing Syncope at JAXCON 2012 these days: http://lanyrd.com/2012/w-jax/sxcyz/

16. Syncope: features
●   Workflow-based provisioning engine
●   Account / Password policies
●   Agentless connection with Identity Stores
●   Auditing & Reporting
●   Shining admin console
●   Customizable and extensible by design

18. Syncope: architecture
    (architecture diagram; recovered labels: Third-party applications, Administration console, RESTful controllers, Users, Roles, Policies, Workflow Engine, Scheduler, Connectors, Business Intelligence, Persistence (JPA))
19. Syncope: attribute mapping
    (mapping diagram between the Syncope user and two external resources)

    User Attributes
    –   Username: jblack
    –   Nickname: jontheblack
    –   Firstname: John
    –   Surname: Black
    –   Email: john.black@apache.org
    –   Password: **********
    –   Badge: 1432

    User Derived Attributes
    –   Fullname: John Black

    User Virtual Attributes
    –   HomeDirectory: /home/jblack (stored only on external resource)

    LDAP User
    –   uid: jblack
    –   givenName: John
    –   sn: jblack
    –   mail: john.black@apache.org
    –   userpassword: **********
    –   employeeNumber: 1432
    –   cn: John Black
    –   homeDirectory: /home/jblack

    Database
    –   accountId: jblack
    –   surname: jblack
    –   firstname: John
    –   password: *********
    –   employeeNumber: 1432
    –   fullname: Jock Black
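The three attribute kinds on slide 19 (plain, derived, virtual), worked through as an added Python example that is not Syncope's code: plain attributes are copied under the resource's own names, the derived Fullname is computed on the fly, the virtual HomeDirectory appears only when the resource supplies its value, and the propagation delta skips write-only password attributes so a hash on the resource never triggers a spurious update. The WRITE_ONLY set and the stale database row used in the test are assumptions constructed for this example.

```python
# Added example, not Syncope's code: the attribute-mapping step of a
# provisioning engine, built around the slide's sample user. It distinguishes
# plain attributes (stored internally), derived ones (computed, never stored)
# and virtual ones (stored only on the external resource).

# Internal user record, constructed from the slide's sample values.
USER = {"Username": "jblack", "Nickname": "jontheblack", "Firstname": "John",
        "Surname": "Black", "Email": "john.black@apache.org",
        "Password": "<hashed-internally>", "Badge": "1432"}
# Derived attributes: expressions over plain attributes, evaluated on demand.
DERIVED = {"Fullname": lambda u: f"{u['Firstname']} {u['Surname']}"}
# Virtual attributes: never kept internally, only on the resource.
VIRTUAL = {"HomeDirectory"}
# Pushed but never read back for comparison (assumption): the resource stores
# a hash, so a compare would always differ and trigger needless updates.
WRITE_ONLY = {"Password"}

# Per-resource mapping: external attribute name -> internal attribute name.
LDAP_MAPPING = {"uid": "Username", "givenName": "Firstname", "sn": "Surname",
                "mail": "Email", "userpassword": "Password",
                "employeeNumber": "Badge", "cn": "Fullname",
                "homeDirectory": "HomeDirectory"}
DB_MAPPING = {"accountId": "Username", "firstname": "Firstname",
              "surname": "Surname", "password": "Password",
              "employeeNumber": "Badge", "fullname": "Fullname"}


def resolve(user, mapping, virtual_values=None):
    """Build the object to propagate to one resource from the internal user."""
    virtual_values = virtual_values or {}
    out = {}
    for ext, internal in mapping.items():
        if internal in DERIVED:
            out[ext] = DERIVED[internal](user)
        elif internal in VIRTUAL:
            if internal in virtual_values:  # value exists only on the resource
                out[ext] = virtual_values[internal]
        else:
            out[ext] = user[internal]
    return out


def propagation_delta(desired, current, mapping):
    """Attributes to update so the resource's `current` state matches
    `desired`; write-only attributes are excluded from the comparison."""
    return {ext: value for ext, value in desired.items()
            if mapping[ext] not in WRITE_ONLY and current.get(ext) != value}
```

Attributes such as Nickname that no mapping references stay internal, which is how a mapping doubles as a least-disclosure control per resource.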
20. Syncope: connectors
●   Based on ConnId, hosted at GoogleCode, new home of Sun's Identity Connectors
    –   Ready-to-use bundles:
        ●   LDAP
        ●   Active Directory
        ●   DB Table
        ●   CSV Directory
        ●   SOAP
        ●   Google Apps
        ●   UNIX
    –   Write your own bundle
    (framework diagram; recovered labels: Provisioning Engine, Using Connectors, API, Common Code, Objects & Utils, SPI)

21. Syncope and the external world

24. Syncope: roadmap
●   Role provisioning
●   SOAP / SCIM interface via CXF
●   Access Management features via Shiro
●   Concurrent / Asynchronous communication with external resources
●   OpenICF support

25. Syncope: (some) success stories
●   iWelcome
●   Bibliotheek.nl
●   SURFnet
●   Ospedali Riuniti di Ancona
●   ARAG

26. Syncope: trying it out
●   Online: http://syncopedemo.tirasa.net
●   Virtual Machine image
●   Quickstart projects on Github
●   New project from Maven Archetype
●   Standalone distribution (soon available)

27. Questions?
    All text and image content in this document is licensed under the Creative Commons Attribution-Share Alike 3.0 License (unless otherwise specified). Apache, Syncope, Apache Syncope, the Apache feather logo, the Apache Syncope project logo and the Apache Syncope logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.

Editor's Notes

  1. I am 35, Italian, married, one child (3 years old) and another on the way. I have a tricky surname. My nickname at ASF is ilgrosso, meaning "the big one" because, yeah, I haven't worn a size S since I was 10 ;-) At ASF: Member; PMC member at Apache Cocoon; PPMC member at Apache Syncope.
  2. Provisioning systems integrate many different identity stores. Provisioning systems communicate with each application in one of two ways. Connectors are pieces of code running on the side of the provisioning system: non-intrusive, they do not require any installation on the application side. Agents run on the application side: intrusive, they require installation (and integration) on the application side, but are often more efficient.
  3. A provisioning system makes an identity out of a sparse set of accounts. So, what a provisioning system does is known as Identity Lifecycle Management. Provisioning systems accompany every relevant change in the identity's life (inner circle) and provide specific features (outer circle).